Latest CVE Feed
- 7.8 HIGH CVE-2024-9167
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation....
Affected Products: velocity_license_server
- Published: Oct. 08, 2024
- Modified: Aug. 13, 2025
- 9.6 CRITICAL CVE-2024-4405
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to ex...
- Published: May. 02, 2024
- Modified: Aug. 13, 2025
- 9.6 CRITICAL CVE-2024-4406
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required ...
- Published: May. 02, 2024
- Modified: Aug. 13, 2025
- 7.5 HIGH CVE-2023-27334
Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authenticati...
Affected Products: secure_integration_server edgeconnector edgeaggregator opc_ua_c\+\+_software_development_kit
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
- 9.6 CRITICAL CVE-2023-27335
Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this ...
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
- 7.5 HIGH CVE-2023-27336
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentica...
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
- 7.8 HIGH CVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-pr...
Affected Products: total_security
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
- 7.8 HIGH CVE-2023-27362
3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the targe...
Affected Products: 3cx
- Published: May. 03, 2024
- Modified: Aug. 13, 2025
- 4.3 MEDIUM CVE-2024-20497
A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) u...
- Published: Sep. 04, 2024
- Modified: Aug. 12, 2025
- 7.4 HIGH CVE-2025-3155
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment....
- Published: Apr. 03, 2025
- Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which ...
Affected Products: enterprise_linux enterprise_linux_server_aus openshift_container_platform enterprise_linux_eus enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions rsync enterprise_linux_for_ibm_z_systems +10 more products
- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the ...
Affected Products: enterprise_linux enterprise_linux_server_aus enterprise_linux_eus enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions rsync suse_linux enterprise_linux_for_ibm_z_systems +8 more products
- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uniniti...
Affected Products: enterprise_linux enterprise_linux_server enterprise_linux_server_aus enterprise_linux_server_tus openshift_container_platform enterprise_linux_eus openshift enterprise_linux_for_ibm_z_systems_eus enterprise_linux_for_power_little_endian enterprise_linux_for_power_little_endian_eus +13 more products
- Published: Jan. 14, 2025
- Modified: Aug. 12, 2025
- 6.1 MEDIUM CVE-2025-54783
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code...
Affected Products: suitecrm
- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- 8.6 HIGH CVE-2025-54784
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared...
Affected Products: suitecrm
- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- 3.7 LOW CVE-2025-54787
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is na...
Affected Products: suitecrm
- Published: Aug. 07, 2025
- Modified: Aug. 12, 2025
- 4.5 MEDIUM CVE-2025-52893
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the...
Affected Products: openbao
- Published: Jun. 25, 2025
- Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recover...
Affected Products: openbao
- Published: Jun. 25, 2025
- Modified: Aug. 12, 2025
- 7.2 HIGH CVE-2025-54996
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were...
Affected Products: openbao
- Published: Aug. 09, 2025
- Modified: Aug. 12, 2025
- 5.3 MEDIUM CVE-2025-54998
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass ...
Affected Products: openbao
- Published: Aug. 09, 2025
- Modified: Aug. 12, 2025